Feb 03 2018

Lots of additions, changes, bug fixes, etc. made to OfflineReg.

Discussion here.

Download here.

Command line

OfflineReg v1.0.3 by Erwan.L - http://erwan.labalec.fr/ - erwan2212@gmail.fr
Main Usage : OfflineReg hivepath keypath verb argument(s)
Example : OfflineReg "c:\temp\system" a_key_path getvalue a_value_name
Example : OfflineReg "c:\temp\system" a_key_path getvaluebyteat a_value_name offset
Example : OfflineReg "c:\temp\system" a_key_path setvalue a_reg_sz_value a_new_value
Example : OfflineReg "c:\temp\system" a_key_path setvalue " " a_new_value -> will set default key
Example : OfflineReg "c:\temp\system" a_key_path setvalue a_reg_dword_value a_dword_value 4
Example : OfflineReg "c:\temp\system" a_key_path setvalue a_reg_qword_value a_qword_value 11
Example : OfflineReg "c:\temp\system" a_key_path setvalue a_reg_binary_value 0a,0b,0c,0d,0e,0f 3
Example : OfflineReg "c:\temp\system" a_key_path setvalue a_reg_binary_value "0a 0b 0c 0d 0e 0f" 3
Example : OfflineReg "c:\temp\system" a_key_path setvalue a_reg_multi_sz_value "blah blah blah" 7
Example : OfflineReg "c:\temp\system" a_key_path setvalue a_reg_expand_sz_value "blah blah blah" 2
Example : OfflineReg "c:\temp\system" a_key_path setvaluebyteat a_reg_binary_value a_byte_value offset
Example : OfflineReg "c:\temp\system" a_key_path deletevalue a_value
Example : OfflineReg "c:\temp\system" a_key_path deletekey a_key
Example : OfflineReg "c:\temp\system" a_key_path deletekey
Example : OfflineReg "c:\temp\system" a_key_path deletekeys
Example : OfflineReg "c:\temp\system" a_key_path createkey a_key
Example : OfflineReg "c:\temp\system" a_key_path createkey
Example : OfflineReg "c:\temp\system" " " createkey a_key -> will create a key under root
Example : OfflineReg "c:\temp\system" a_key_path enumkeys
Example : OfflineReg "c:\temp\system" " " enumkeys -> will enum keys under root
Example : OfflineReg "c:\temp\system" a_key_path enumkeysR
Example : OfflineReg "c:\temp\system" a_key_path enumvalues
Example : OfflineReg "c:\temp\system" a_key_path enumvaluesall
Example : OfflineReg "c:\temp\system" a_key_path create
Example : OfflineReg "c:\temp\system" " " create
Example : OfflineReg "c:\temp\system" " " import commands.reg
Example : OfflineReg "c:\temp\system" " " run commands.txt

 Posted by at 14 h 36 min
Jan 08 2018

Sharing an iPXE script (using wimboot) I am using these days along with Tiny PXE Server to boot WinPE over the network on multiple platforms: pcbios i386, pcbios x86_64, efi i386, efi x86_64.

By default, Tiny PXE Server serves the pcbios ipxe.pxe and, depending on the client architecture, the matching iPXE EFI version.

See below my config.ini and a custom wimboot.ipxe script.

Discuss it here.


#!ipxe
#more about wimboot tips and tricks : http://ipxe.org/wimboot
set boot-url http://${dhcp-server}
#note : we are not going to use cpuid/arch
cpuid --ext 29 && set arch x64 || set arch x86
echo ${arch}
echo ${platform}_${buildarch}
#jump to the label named after the running iPXE build (platform_buildarch)
goto ${platform}_${buildarch} || goto unknown

:pcbios_x86_64
kernel ${boot-url}/wimboot
initrd ${boot-url}/BOOTMGR.EXE bootmgr.exe
initrd ${boot-url}/BOOT/BCD BCD
initrd ${boot-url}/BOOT/BOOT.SDI BOOT.SDI
initrd ${boot-url}/SOURCES/x64/BOOT.WIM BOOT.WIM
boot

:pcbios_i386
kernel ${boot-url}/wimboot
initrd ${boot-url}/BOOTMGR.EXE bootmgr.exe
initrd ${boot-url}/BOOT/BCD BCD
initrd ${boot-url}/BOOT/BOOT.SDI BOOT.SDI
initrd ${boot-url}/SOURCES/x86/BOOT.WIM BOOT.WIM
boot

:efi_x86_64
kernel ${boot-url}/wimboot
initrd ${boot-url}/bootx64.efi bootx64.efi
initrd ${boot-url}/EFI/MICROSOFT/BOOT/BCD BCD
initrd ${boot-url}/BOOT/BOOT.SDI BOOT.SDI
initrd ${boot-url}/SOURCES/x64/BOOT.WIM BOOT.WIM
boot

:efi_i386
kernel ${boot-url}/wimboot.i386
initrd ${boot-url}/bootia32.efi bootia32.efi
initrd ${boot-url}/EFI/MICROSOFT/BOOT/BCD BCD
initrd ${boot-url}/BOOT/BOOT.SDI BOOT.SDI
initrd ${boot-url}/SOURCES/x86/BOOT.WIM BOOT.WIM
boot

:unknown
echo Unknown platform ${platform}_${buildarch}

 Posted by at 20 h 47 min  Tagged with:
Jan 08 2018

If, like me, you have an old computer and don't want to install the Ubuntu update for Meltdown and Spectre:

  • sudo vi /etc/default/grub
  • add nopti to GRUB_CMDLINE_LINUX_DEFAULT (there should be a list of parameters already like "nomdmonddf nomdmonisw nomdmonddf nomdmonisw")
  • sudo update-grub
  • sudo reboot

Check that nopti is there with cat /proc/cmdline.
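A check for finding hosts booted this way, as an added example that is not part of the original post: `nopti` turns off kernel page-table isolation (KPTI), the Meltdown mitigation, so the script flags it together with the equivalent `pti=off` and `mitigations=off` parameters and prints the kernel's own status from sysfs. The function names and sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find hosts whose kernel command line switches KPTI off.

# Print each command-line token that disables KPTI, one per line.
# $1: kernel command line (the contents of /proc/cmdline).
pti_disable_tokens() {
    printf '%s\n' "$1" | tr -s ' \t' '\n' | while read -r tok; do
        case "$tok" in
            # Whole-token match only, so "xnopti" or "nopti_foo" is not flagged.
            nopti|pti=off|mitigations=off) printf '%s\n' "$tok" ;;
        esac
    done
}

# Print the kernel's own Meltdown report, or "unknown" if sysfs lacks it.
# $1: sysfs path, overridable so the function can be exercised offline.
meltdown_status() {
    f="${1:-/sys/devices/system/cpu/vulnerabilities/meltdown}"
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Return 0 when the command line leaves KPTI alone, 1 when it disables it.
audit_pti() {
    found=$(pti_disable_tokens "$1")
    if [ -n "$found" ]; then
        echo "KPTI disabled by: $(echo $found)"
        return 1
    fi
    echo "KPTI not disabled on the command line"
}

# Constructed sample command lines (not captured from a real host).
SAMPLE_OFF='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet splash nopti'
SAMPLE_DEFAULT='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet splash'

# On a live Linux host, audit the running kernel as well.
if [ -r /proc/cmdline ]; then
    audit_pti "$(cat /proc/cmdline)" || true
    echo "sysfs: $(meltdown_status)"
fi
```

The command line only shows what was requested at boot; the sysfs file is the kernel's statement of what is actually in effect.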

Jan 03 2018

On removable media (such as USB disks), Windows can only access one partition at a time.
This is a driver limitation (which you can actually work around by using another driver but this is not the point of this article).

Below is one way to work around this.

First, let's select our device in CloneDisk and, under the disk (right) menu: (1) put it offline, (2) delete disk layout, (3) create 2 (or more) partitions, (4) put your disk online.

Note that if your disk is already multi-partitioned, you can skip the above 4 tasks and go to the last part of this article, which is about accessing the second partition.

Create one partition, and repeat this task once.

Once the partitions are created, it should look like this (two 2 GB partitions).

In the CloneDisk main window, put your disk online: Windows should detect a new volume and offer to format it (if not, remove and reinsert the media).

Create a folder named ‘part1’ (this is only a witness/indicator)

Now, let's see how we can access the second partition: go back to CloneDisk -> Disk -> Partition Editor, select your second partition and "set as partition number 1".

Again, Windows should detect a new volume (the previous volume ‘part 1’ has disappeared) and offer to format it (if not, remove and reinsert the media) – unless you have skipped the first part of this article.

Create a folder named ‘part2’.

You can now switch back and forth between your partitions on your removable media by using CloneDisk -> Disk -> Partition Editor, select your partition and "set as partition number 1".

 Posted by at 20 h 31 min
Dec 29 2017

modified : rewritten _enum_drives_lv to enumerate thru volumes not drive letters (x32)
modified : selected.caption replaced with inttostr(integer(lvdisks.Selected.data)) (x32)
modified : renamed convert to vmdk/vhd to create vmdk file descriptor
modified : added raw to vhd in disk conversion
modified : GetVolumeNameForVolumeMountPoint moved to udiskmgmt
todo : move md5 hash to disk image
added : if pos(':\',path)>0 then exit; in prep_src & prep_dst
added : backup/restore in mbr editor (x32)
modified : backup will now suggest a proper filename (x32)
modified : set disk ro and rw will go offline/online if disk is online (x32)
modified : VDI2RAW,vmdk2raw,vhd2raw,restore_devio,backup_devio,EWF2Drive,Drive2EWF moved to new uconvert unit (x32)
modified : createfile_devio,getfilesize_deviowrite_devio,prep_src,prep_dst,_lockdismount_vol,_unlock_vol moved to new uconvert unit (x32)
modified : vdi,LibVMDK,libVHDI,LibEWFUnit,wsck removed from umain (x32)
removed : privilege, ntdll, fmifs units
modified : GetDriveParams moved to udiskmgmt
removed : int13ext unit
modified : uformat renamed to ufrmformat
fixed : result set to 0 in lib._GetDosDrives
modified : Drive2RAW,RAW2Drive moved to uconvert unit (x32)
added : mode 0 in lib._EnumerateDosDevices to list all devices
added : list volume shadow copy volumes in volumes
added : add dos device in volumes
modified : renamed createvhd to umsvirtdisk
modified : renamed main to ufrmMain
modified : replaced custom wsck unit with delphi winsock unit
modified : libewf_SetCompressionValues uses LIBEWF_COMPRESS_FLAG_USE_EMPTY_BLOCK_COMPRESSION (x32)
modified : ufrvolume, definedosdevice will try DDD_RAW_TARGET_PATH and 0 (x32)
modified : drive2raw will display the offset if readfile fails (x32)
modified : xxx2RAW will propose to delete target file (x32)
todo : consider 1mB instead of 65kB for memsize in xxx2RAW functions
added : backup/restore from popup menu (x32)
added : checkbox in disk/part/disk&part popupmenu (x32)
added : offline/online after create partition (x32)
added : refresh after format (modal form) (x32)
added : try/catch in wim_logmessage
added : makeiso improvements around boot files
added : extend volume will propose the closest max size possible

 Posted by at 14 h 17 min
Dec 29 2017

added : imapi, copy bootfile to temp folder to avoid file used error
added : source/target label in convert image form
added : backup_drive, zeromemory when readfile=false
added : vdi2raw added in image conversion
added : vmdk2raw added in image conversion
added : vhd2raw added in image conversion
added : backup/restore caption in backup/restore form
todo : complete code to backup/restore from/to vhd/vmdk/vdi
added : backup_devio simplified
modified : backup_drive->Drive2RAW,backup_ewf->Drive2EWF,backup_wim->Drive2WiM
modified : restore_drive->RAW2Drive,restore_ewf->EWF2Drive,restore_wim->WIM2Drive
fixed : rename frmmain src & dst to _src and _dst which were creating inconsistencies here and there
modified : cleanup in raw2drive
modified : cleanup in ewf2drive
modified : backup/restore to/from devio renamed to … network
modified : unlockvolume in backup_devio
modified : cleanup in restore_devio
added : volumes
removed : mount point from ‘symlinks – mount points’ tab
removed : dosdevices in advanced tabs
removed : symlink in advanced tab
added : mount_vol and unmount_vol to udiskmgmt
added : change partition to number one in part editor
added : extra partition mbr types in part editor
modified : display disk id and part disk id, part id in updated column=’device’
added : restore any BS boot code
modified : renamed NT6 to NT6.3 in boot sector and MBR
modified : boot sector fields editable in white
added : VolumeNameToDeviceName to lib and removed from ufrmvolume
added : GetVolumePathNamesForVolumeName to udiskmgmt
modified : wim/wimboot/skip empty parts grayed out when needed in restore/backup

 Posted by at 14 h 17 min
Dec 28 2017

MkIso will create an ISO from a source folder.

Supports multi-boot iso : x86 and EFI.
Supports isolinux (checksum will be taken care of).
Tested successfully with Grub4Dos.

MkIso is native (no external dependencies) and standalone, built on the Windows built-in imapi2.

MkIso is also part of CloneDisk.

Questions, feedback, requests welcome.



 Posted by at 23 h 31 min
Dec 26 2017

Lately I decided to flash my Linksys wrt1200ac with dd-wrt as Linksys obviously dropped support for this nice hardware (no more firmware updates for a long time).
Not to mention that the vendor firmware is extremely basic (not to say limited…).

Once I had flashed the device with the proper firmware, next step for me was to monitor bandwidth from my domotic/monitoring box (jeedom).

The most obvious track was snmp (dd-wrt feature) – alas, the snmp daemon does not implement counter64 snmp values so this is useless.
Next step was to use some curl/awk/grep script like curl -u root:password, etc but the web pages heavily rely on javascript so here again, curl was a dead end.

I finally resorted to remotely read values from the device nvram using a script around ssh : not the most elegant way, but the only one I could work out.

The below will retrieve the day/month/year value from my Linksys wrt1200ac based on dd-wrt.
(Note, I had to use ssh-keygen & ssh-copy-id to be able to ssh without having to provide a password).

read YYYY MM DD <<<$(date +'%Y %m %d')
#echo 'nvram get traff-'$MM'-'$YYYY
sudo ssh root@ -q 'nvram get traff-'$MM'-'$YYYY | awk '{print $'$DD'}' | awk -F ":" '{print $1}'

Oct 31 2017

modified : dns proxy will read entries from config.ini (section=hostname,ident=ip), no more from hosts file
added : right click open config.ini
added : right click open root_path
fixed : share folder will now add everyone read-only on share permissions
added : share is created with STYPE_TEMPORARY flag, i.e will not survive a reboot
added : TPS will answer to specific ‘discovery’ messages (see discover.zip)
fixed : wsMinimized=1 was preventing form_show and load_config
added : each daemon will report on which ip it is listening (useful to troubleshoot)
added : syslogd will read ip under [syslog] in config.ini if one wants to bind to a specific interface (instead of by default)
fixed : error handling in log_memo to avoid a possible date bug
fixed : httpd could not list files/folder in a non indexed folder
modified : ucimp.pas uses winsock, not wsck
modified : iphlpapi_helper.pas uses winsock, not wsck
modified : usnoop uses winsock, not wsck
modified : iptypes uses winsock, not wsck
modified : removed ipheader unit in main form
modified : TPS does not use wsck unit anymore

Discuss it here.
Download here.

 Posted by at 20 h 12 min